qdPM Extended
project management software for growth
qdPM Extended based on free version of qdPM and has extended functionality and extra features read more.
Home About What's New? Features Demo Buy Now Translations Bug Report Forum Blog Contact Us

BUG: browser won't save login for specific user group

Moderators: flyingkites, qdPM_Support

<<

newsmark

Posts: 36

Joined: Fri Mar 11, 2016 1:24 pm

Post Wed Apr 13, 2016 1:26 pm

BUG: browser won't save login for specific user group

I've tested this across multiple different browsers on different systems and the results are always the same.

For some reason, I have a group of users "Clients" where the browser will not correctly login a user automatically if the cookies are set with the "Remember Me" checkbox. I can confirm the cookies are set correctly, but when a user of that group tries to access the site (I've tried multiple users in the same group) they are taken to the login page. The only thing I can think of is something due to permissions, but I can't trace it.

For the client group I have the following permissions:

Projects - custom access (view own only and create)
Project Comments - manage own only

No other permissions are allowed/set
<<

newsmark

Posts: 36

Joined: Fri Mar 11, 2016 1:24 pm

Post Wed Apr 13, 2016 2:33 pm

Re: BUG: browser won't save login for specific user group

Figured this out, but still can't explain it. In the login module, under the actions file:

line 235:

$this->getResponse()->setCookie('remember_pass', base64_encode(md5($this->form['password']->getValue())), time()+60*60*24*100,'/');

if remember me is checked, sets a cookie with the hashed password

line: 261:

->addWhere('password=?',base64_decode($request->getCookie('remember_pass')));

on entry, checks the cookie against the password field in the database, if the cookie is set.

For some reason, this was causing a problem for one of my user groups. I have no idea why it would've affected just one group, but removing the password cookie from the system fixed it. This cookie is only used to match for an automatic login, so it's ok to remove. This doesn't affect login checks.
<<

flyingkites

Site Admin

Posts: 281

Joined: Wed Nov 03, 2010 9:06 am

Post Thu Apr 14, 2016 4:22 pm

Re: BUG: browser won't save login for specific user group

Thanks we will look at it in V4.1
<<

flyingkites

Site Admin

Posts: 281

Joined: Wed Nov 03, 2010 9:06 am

Post Mon Nov 07, 2016 2:01 pm

Re: BUG: browser won't save login for specific user group

We were not able to replicate this issue.

Return to Version 4 Support

Who is online

Users browsing this forum: No registered users and 1 guest

cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by ST Software.